Original poster | Posted on 2006-5-5 16:59
Logfile of HijackThis v1.99.1
Scan saved at 16:55:24, on 2006-5-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHIXIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe